IPA server decimal and hexadecimal usage in CA and KRA pki-tomcat serial number ranges

Solution Verified

Issue

  • An IPA replica server was rebuilt and created a new Key Recovery Authority (KRA) serial number range to be used as its next range. In LDAP it appears as:

    dn: cn=270000001,ou=keyRepository,ou=ranges,o=kra,o=ipaca
    beginRange: 270000001
    endRange: 280000000
    host: ipareplica01.example.com
    
  • In /etc/pki/pki-tomcat/kra/CS.cfg the range appears as:

    dbs.beginSerialNumber=20ffa0001
    dbs.endSerialNumber=20ffb0000
    
  • When a specific repository is initialised with the hexadecimal radix, it reads the range values from LDAP, which are always returned in decimal, and then interprets them as hexadecimal.
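
The following is an added example, not part of the original article or of any Red Hat tooling: it parses the LDAP range entry and the CS.cfg values shown above and reports how each pair reads in decimal and in hexadecimal. The function names are hypothetical and the sample input is constructed from the values in this article.

```python
# Constructed sample input, using the values shown in this article.
LDIF = """\
dn: cn=270000001,ou=keyRepository,ou=ranges,o=kra,o=ipaca
beginRange: 270000001
endRange: 280000000
host: ipareplica01.example.com
"""
CS_CFG = """\
dbs.beginSerialNumber=20ffa0001
dbs.endSerialNumber=20ffb0000
"""

def parse_pairs(text, sep):
    """Return {key: value} for every 'key<sep>value' line (hypothetical helper)."""
    out = {}
    for line in text.splitlines():
        key, found, value = line.partition(sep)
        if found:
            out[key.strip()] = value.strip()
    return out

def radix_report(begin, end):
    """Interpret a begin/end string pair as decimal and as hexadecimal."""
    report = {}
    for name, base in (("dec", 10), ("hex", 16)):
        try:
            b, e = int(begin, base), int(end, base)
        except ValueError:
            report[name] = None  # the strings are not valid in this radix
            continue
        report[name] = {"begin": b, "end": e, "size": e - b + 1}
    # A digits-only string parses in both radices, so the value alone
    # cannot tell the reader which radix was intended.
    report["ambiguous"] = report["dec"] is not None and report["hex"] is not None
    return report

def check():
    """Compare the LDAP range entry with the CS.cfg range under both radices."""
    ldap = parse_pairs(LDIF, ":")
    cfg = parse_pairs(CS_CFG, "=")
    return {
        "ldap": radix_report(ldap["beginRange"], ldap["endRange"]),
        "cs_cfg": radix_report(cfg["dbs.beginSerialNumber"], cfg["dbs.endSerialNumber"]),
    }

if __name__ == "__main__":
    for source, rep in check().items():
        print(source, rep)
```

On the values above, the LDAP range of 10,000,000 numbers becomes 268,435,456 numbers wide when its bounds are read as hexadecimal, and the digits-only strings give no hint of which radix was intended.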

Environment

  • Red Hat Enterprise Linux (RHEL)
    • 8
  • Identity Management (IdM)
  • ipa-server-4.9.6-10.module+el8.5.0+13587+92118e57.x86_64
